package com.adobe.granite.auth.saml.model;

import com.adobe.granite.auth.saml.configuration.SpConfiguration;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/auth/saml/model/Assertion.class */
public class Assertion {
    private String version;
    private Calendar issueInstant;
    private String id;
    private Issuer issuer;
    private Subject subject;
    private Calendar notBefore;
    private Calendar notOnOrAfter;
    private LinkedList<String> audienceRestrictions;
    private boolean signatureValid;
    private final int CLOCK_SYNC_TOLERANCE = 60;
    private final Logger log = LoggerFactory.getLogger(getClass());
    private Map<String, Attribute> attributeStatements;

    public void addAttribute(Attribute attribute) {
        if (null == this.attributeStatements) {
            this.attributeStatements = new HashMap();
        }
        this.attributeStatements.put(attribute.getName(), attribute);
    }

    public Map<String, Attribute> getAttributes() {
        return null == this.attributeStatements ? Collections.emptyMap() : this.attributeStatements;
    }

    public boolean isValid(SpConfiguration spConfiguration) {
        Calendar calendar = Calendar.getInstance();
        calendar.add(13, 60);
        if (this.notBefore != null && calendar.before(this.notBefore)) {
            this.log.debug("Invalid Assertion: notBefore violated (" + calendar.toString() + " < " + this.notBefore.toString() + ").");
            return false;
        }
        if (this.notOnOrAfter != null && (calendar.after(this.notOnOrAfter) || calendar.equals(this.notOnOrAfter))) {
            this.log.debug("Invalid Assertion: notOnOrAfter violated: (" + calendar.toString() + " >= " + this.notOnOrAfter.toString() + ").");
            return false;
        }
        if (!this.audienceRestrictions.contains(spConfiguration.getEntityId())) {
            this.log.debug("Invalid Assertion: audienceRestrictions violated.");
            return false;
        }
        if (this.signatureValid) {
            return true;
        }
        this.log.debug("Invalid Assertion: Signature invalid.");
        return false;
    }

    public Calendar getNotBefore() {
        return this.notBefore;
    }

    public void setNotBefore(Calendar calendar) {
        this.notBefore = calendar;
    }

    public Calendar getNotOnOrAfter() {
        return this.notOnOrAfter;
    }

    public void setNotOnOrAfter(Calendar calendar) {
        this.notOnOrAfter = calendar;
    }

    public void addAudienceRestriction(String str) {
        if (null == this.audienceRestrictions) {
            this.audienceRestrictions = new LinkedList<>();
        }
        this.audienceRestrictions.add(str);
    }

    public boolean isSignatureValid() {
        return this.signatureValid;
    }

    public void setSignatureValid(boolean z) {
        this.signatureValid = z;
    }

    public Subject getSubject() {
        return this.subject;
    }

    public void setSubject(Subject subject) {
        this.subject = subject;
    }
}
